Audited financials aren’t enough, survey finds

The results are in, and they send a clear message to corporations and their auditors. Investors have continued “strong interest in expanded assurance services beyond traditional financial statement audits,” according to Center For Audit Quality’s latest Annual Institutional Investor Survey.

The survey of 300 institutional investors in the US, conducted in November, shows strong interest in information not found in financial statements relating to governance, cybersecurity risk, and data privacy. At the same time, investors “view standards, comparability, and regulatory clarity” as table stakes.

More than four in five (81%) respondents use information on cybersecurity risk in making investment decisions either all the time or most of the time, an increase from roughly three in four (74%) in the previous year’s survey. Following cybersecurity, respondents most frequently said they review info on data privacy (78%), sustainability reporting (78%), and governance (77%). The survey shows that “investors are not a monolith,” and that their priorities vary, Brad Jacklin, CAQ senior director for communications and market research, told CFO Brew. This means the information they seek out will also vary.

“It’s important for the public company audit profession and management to put in the effort on identifying the information that is going to be most useful for a broad range of investors, and how to improve and enhance the value of that information by making it consistent and comparable,” he said. “There is a premium placed on information when it is provided by, or reviewed by, an independent entity like a public company auditor.”

Other research shows investors are keen on the risks that companies face. A PwC survey of over 1,000 investors globally, conducted in September and early October, found that over half (55%) of respondents said the companies they invest in were either extremely or highly exposed to cyber risks. Other key risks included technology disruption and inflation.

Investors think disclosures in these areas also need improvement.

Per the CAQ survey, nearly nine in 10 (86%) of respondents said cybersecurity risk disclosures need either some or significant improvement, and a nearly equal proportion said the same of sustainability reporting (85%) and data privacy and management disclosures (84%). But above all, 87% of respondents said companies need to improve their disclosures around AI use and investments.

Likewise, most (88%) investors in the PwC survey said companies should invest slightly to significantly more in cybersecurity, although many also saw technology disruption as an important threat; 92% said companies needed to increase investment in technological transformation.